package springsecurityrabclogin.filter;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

/**
 * 接收前端的验证码，并对验证码进行验证
 */
@Component
public class CaptchaFilter extends OncePerRequestFilter { //在spring框架中，实现Filter，直接继承OncePerRequestFilter更方便

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String code = request.getParameter("captcha");
        String sessionCode = (String) request.getSession().getAttribute("captcha");
        String requestURL = request.getRequestURI();
        if (requestURL.equals("/user/login")) { //如果是登录请求，就验证验证码
            if (!StringUtils.hasText(code)) { // !取反
                //验证没通过,重定向到首页
                response.sendRedirect("/");
            } else if (!code.equalsIgnoreCase(sessionCode)) {
                response.sendRedirect("/");
            } else {
                filterChain.doFilter(request, response);
            }
        } else {
            //不是登录请求，不需要验证码，直接放行
            filterChain.doFilter(request,response);
        }
    }
}
